Tips for reducing security risks in 2013

It is a well-known fact that the world of business has changed beyond all recognition in recent
years. As technology has evolved, so has the world of e-commerce, mobile and digital, to the extent
that the business and technological landscape is completely different to that of three or four
years ago.

At the same time, however, it is important to remember that we have also seen the security
threats that businesses face consistently evolving at the same rate.

While it is impossible to predict where we will be in four or five years' time, and which
security threats will be most prominent, it is easier to predict what the main security bug-bears
of 2013 will be.

Here are my best educated guesses, in no particular order, along with my recommended solutions
for dealing with them.

Advanced persistent threats

Advanced
persistent threats (APTs) are likely to become a growing threat in 2013, as attackers broaden
their target areas. Traditionally, these highly sophisticated attacks have been reserved for the
defence establishment. However, perpetrators are increasingly targeting enterprises across a range
of industries.

Enterprises need to be aware that APT attackers have increasing resources to sustain targeted,
multi-pronged attacks over a long period of time. To counteract APTs, IT security practitioners
need to understand and locate the vulnerabilities that APTs exploit.

Intelligence gathering needs to go a step beyond just researching malware, to understanding the
systems used by an organisation and what the risks are. Consequently, strategies and policies
should be devised to mitigate the risks and vulnerabilities, as user education is paramount to
prevent social engineering.

We must remain focused on security in 2013 to stay safe and
secure and make it a tough year for would-be attackers

Pat Phillips, Xceed Group

Recommendation: Advanced intelligence gathering to form strategies to prevent an APT
attack.

Mobile malware

An increase in bring-your-own-device
(BYOD) schemes poses a significant security risk to enterprises. Not only are these devices at risk
of contracting malware, challenges can also be seen if a device is lost or stolen. In addition,
mobile devices are being used to access social media, increasing the chances of reputational
damage.

A practical and standardised policy should be put in place to ensure that the risks of a
security breach are minimal. Restricting or controlling access to confidential information will
minimise the risks of a security breach. Determining clear security policies on the use of personal
devices in the workplace will also benefit the security of the enterprise. Such policies should be
enforced by technology.

Cloud computing

Security within IT environments is a difficult and complex challenge, even more so in the cloud due to
its seamless scalability, multi-tenancy and third-party housing.

The use of datacentres for cloud environments has raised a number of questions concerning
security. A common misconception is that the responsibility of data lies with the service provider,
when in fact it is with the company in question in which responsibility lies.

Organisations have been reluctant to use cloud environments as they may have no way of
determining whether their data is being treated with the same level of diligence that they would
use themselves.

Recommendation: Adopt information security audits with service suppliers as part of an
overall best practice framework. Use best practice security models when determining the storage of
data.

Download further resources on security threats

Internal threats

IT departments have focused a great amount of time, effort and expenditure on minimising the
risk of a security breach from external sources. Nevertheless, one of the biggest threats to
enterprises comes from internal breaches.

Interestingly, internal breaches caused by malicious intent are remarkably low, while the
majority are due to employee negligence. The main problem is employees using the internet for
personal use, increasing the risks of virus infection and spyware.

This is a problem that has been consistent over the past few years. Enterprises have attempted
to minimise the problems through controls and policies in the past, however there is now a
significant shift to allow such access. The associated risks should be understood and
mitigated.

Of course, this is by no means an exhaustive list, and there are a number of other threats that
we shall no doubt come up against in the coming 12 months, but let’s all remain diligently focused
on security in 2013 to make sure we stay safe and secure and make it a tough year for would-be
attackers!

Pat Phillips is practice director at independent IT and business change professional services
firm Xceed
Group.

Email Alerts

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

It can be tempting to stray from the security roadmap security professionals have put in place when data breaches like the Sony and Anthem breaches are all over the news. But experts say it's crucial to stick to the security basics.

The Open Data Platform has arrived, but not all Hadoop vendors are on board. The initiative, aimed at boosting interoperability, formed a backdrop for discussion at the Strata + Hadoop World 2015 conference.